Security researcher recommends against after detailing 7

A security researcher is recommending against LastPass password manager after detailing seven trackers found in the Android app.

theverge.com/2021/2/26/2230270

reports.exodus-privacy.eu.org/

LastPass Android: Third parties monitor every step

kuketz-blog.de/lastpass-androi


@stux Oh shit! I hope that BitWarden/KeePass are ok. If not, I switch to Pass! :)

@stux oh god, really?! you just can't win. so what do you use?

@calculsoberic @stux protip: do not use pass on gentoo (for me it took 3 minutes to unlock password), i no longer use gentoo. just don’t use gentoo.

@wetsocks this is a pain because you have to store the passwords somewhere, don't you? I occasionally generate them in bash but it doesn't keep them for you.
@stux

@calculsoberic @stux pass has a flexible generation feature using /dev/urandom (pass generate) and the files are regular textfiles stored in a user-defined directory structure, encrypted by your gpg key.

@wetsocks ok! well, I already have a GPG key, so I'd just have to install pass! :abunsmile: @stux

@wetsocks @calculsoberic
I still use my head :blobcatgiggle: Thinking about something self hosted..

@stux I would, but I honestly can't remember all the passwords. I have a different one for each website/service.
@wetsocks

@calculsoberic @wetsocks Yup same! But many sorts! Also use phrases, much easier and also longggg!

I would not even dare to speak out most of them so disgusting :blobcatgiggle:

@stux yes, for the self-generated ones I use diceware, so something like "pencil-cracker-tennis-desk-coffee-wipe-floor" (not an actual one!)
@wetsocks
